Answered by:

How to configure Attachment Filter agent on Exchange 2013 ?

Question

I have installed Exchange 2013 (Mailbox + Client Access role) without Edge . I tried but

Enable-TransportAgent -Identity "Attachment Filter agent"

isn't work , as I google The Connection Filter agent and the Attachment Filter agent are only available on an Edge Transport server .
The default anti-malware policy doesn't let me configure what file type should be block , recipient / sender should be excluded . How can I manage it ?

Answers

The Malware Filter runs on every 2013 Mailbox server to protect against malware and viruses. For more info, see
Anti-Malware Protection.

Outlook and OWA are configured by default to block 'evil' attachment types like .com, .bat, .exe, .vbs, etc., so you users will never see them. The blocked Outlook 2010 types are listed
here, and you can see the blocked OWA types by running the command: Get-OwaMailboxPolicy Default | select -ExpandProperty BlockedFileTypes.

Since you definitely can't run the Attachment Filter agent on a Mailbox server, you have a couple of choices:

All replies

In Exchange 2010, when you enabled the anti-spam agents on a Hub Transport server, the Attachment Filter agent was the only anti-spam agent that wasn't available. In Exchange 2013,
when you enable the anti-spam agents in the Transport service on a Mailbox server, the Attachment Filter agent and the Connection Filtering agent aren't available. The Connection Filtering agent provides IP Allow List and IP Block List capabilities. For information
about how to enable the anti-spam agents on a Mailbox server, see
Enable Anti-Spam Functionality on a Mailbox Server.

Thank for reply Simon,
I enabled
anti-spam agents in the Transport service on a Mailbox server , I know that
Attachment Filter agent and the Connection Filtering agent aren't available .
What if people attach exe , cmd , bat , php , vbs , ... to message and send it to my user ?
I don't have any antivirus or security software on my Exchange server to protect it.
I attempt to use Kaspersky Koss 3 but they haven't release version for Exchange 2013 yet.

The Malware Filter runs on every 2013 Mailbox server to protect against malware and viruses. For more info, see
Anti-Malware Protection.

Outlook and OWA are configured by default to block 'evil' attachment types like .com, .bat, .exe, .vbs, etc., so you users will never see them. The blocked Outlook 2010 types are listed
here, and you can see the blocked OWA types by running the command: Get-OwaMailboxPolicy Default | select -ExpandProperty BlockedFileTypes.

Since you definitely can't run the Attachment Filter agent on a Mailbox server, you have a couple of choices:

The Connection Filtering agent doesn't work on Exchange 2013 Mailbox servers or Client Access servers, so it would do you no good to use Add-IPAllowListEntry. You can get Connection Filtering if you install an Exchange 2010/2007 Edge Transport
server.

You can use a combination of BypassedRecipients, BypassedSenders, or BypassedSenderDomains on Set-ContentFilterConfig to exempt specific senders or recipients from scanning by the Content Filter agent. For more information, see
Manage Content Filtering.

Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.